Skip to content

feat(gmail): add --safe flag to get and thread get commands#238

Open
urasmutlu wants to merge 2 commits intosteipete:mainfrom
urasmutlu:urasmutlu-feat/add-safe-mode-for-email-get
Open

feat(gmail): add --safe flag to get and thread get commands#238
urasmutlu wants to merge 2 commits intosteipete:mainfrom
urasmutlu:urasmutlu-feat/add-safe-mode-for-email-get

Conversation

@urasmutlu
Copy link

@urasmutlu urasmutlu commented Feb 12, 2026
edited
Loading

Summary

Closes #220

  • Add --safe flag to gmail get and gmail thread get commands that sanitizes email output for secure display
  • Strips HTML using a full parser (not regex), removing scripts, styles, and tags
  • Replaces all HTTP/HTTPS URLs with [url removed] to prevent phishing and tracking
  • Decodes HTML entities to catch obfuscated URLs (e.g. https://...)
  • In JSON mode, provides a sanitized bodies map and clears raw body data from the payload
  • Suppresses List-Unsubscribe header in safe mode to avoid leaking URLs

New flags

  • gog gmail get <messageId> --safe
  • gog gmail thread get <threadId> --safe

Test plan

  • Unit tests for safeExtractTextFromHTML (11 cases including malformed HTML, script/style removal, entities)
  • Unit tests for stripURLs (7 cases)
  • Unit tests for sanitizeBodyText (6 cases including HTML entity obfuscation)
  • Unit tests for sanitizeText (3 cases)
  • Unit tests for clearPayloadBodies (verifies text/* cleared, attachments preserved)
  • Integration-style tests for gmail get --safe in both JSON and text modes
  • Integration-style test for gmail thread get --safe in both JSON and text modes
  • make fmt and make lint pass with 0 issues

🤖 Generated with Claude Code

urasmutlu and others added 2 commits February 11, 2026 00:50
@urasmutlu @claude
feat(gmail): add --safe flag to get and thread get commands
46a2b7e 
Sanitize email output by stripping HTML via a full parser, removing
URLs to prevent phishing/tracking, and decoding HTML entities. In JSON
mode a sanitized bodies map is provided and raw body data is cleared.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@urasmutlu
Merge remote-tracking branch 'origin/main' into urasmutlu-feat/add-sa…
d038e32 
…fe-mode-for-email-get

# Conflicts:
#	internal/cmd/gmail_thread.go
@urasmutlu urasmutlu mentioned this pull request Feb 15, 2026
Open
@drewburchfield drewburchfield mentioned this pull request Feb 24, 2026
Open
14 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Feature Request: --safe flag for gmail read/get to sanitize email content

1 participant

@urasmutlu